Фильтрация по: Services API x очистить

Декабрь 31, 2022

CIS 2022 api certificate issuance DigiCert One CertCentral PKI Platform 8 validation Direct Cert Portal QuoVadis PKI Platfom 8 API ACME scheduled maintenance SCEP ACME agent automation Discovery API Services API ACME agent automation API discovery
new

DIGICERT 2022 MAINTENANCE SCHEDULE

To make it easier to plan your certificate-related tasks, we scheduled our 2022 maintenance windows in advance. See DigiCert 2022 scheduled maintenance—this page is updated with all current maintenance schedule information.

With customers worldwide, we understand there is not a "best time" for everyone. However, after reviewing the data on customer usage, we selected times that would impact the fewest amount of our customers.

About our maintenance schedule

  • Maintenance is scheduled for the first weekend of each month unless otherwise noted.
  • Each maintenance window is scheduled for 2 hours.
  • Although we have redundancies to protect your service, some DigiCert services may be unavailable.
  • All normal operations will resume once maintenance is completed.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.

If you need more information regarding these maintenance windows, contact your account manager or DigiCert support team.

Октябрь 8, 2022

CIS CBC ciphers End of support Cipher-Block-Chaining (CBC) ciphers Services API SCEP certificate issuing service (CIS) CertCentral simple certificate enrollment profile (SCEP)
compliance

End of support for CBC ciphers in TLS connections

DigiCert will end support for Cipher-Block-Chaining (CBC) ciphers in TLS connections to our services on October 8, 2022, at 22:00 MDT (October 9, 2022, at 04:00 UTC).

This change affects browser-dependent services and applications relying on CBC ciphers that interact with these DigiCert services:

  • CertCentral and CertCentral Services API
  • Certificate Issuing Services (CIS)
  • CertCentral Simple Certificate Enrollment Protocol (SCEP)

This change does not affect your DigiCert-brand certificates. Your certificates will continue to work as they always have.

Why is DigiCert ending support for the CBC ciphers?

To align with Payment card industry (PCI) compliance standards, DigiCert must end support for the following CBC:

  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_RSA_WITH_AES_256_CBC_SHA

What do I need to do?

If you are using a modern browser, no action is required. Most browsers support strong ciphers, such as Galois/Counter Mode (GCM) ciphers, including Mozilla Firefox, Google Chrome, Safari, and Microsoft Edge. We do recommend updating your browser to its most current version.

If you have applications or API integrations affected by this change, enable stronger ciphers, such as GCM ciphers, in those applications and update API integrations before October 8, 2022.

If you do not update API integrations and applications, they will not be able to use HTTPS to communicate with CertCentral, the CertCentral Services API, CIS, and SCEP.

Knowledge base article

See our Ending Support for CBC Ciphers in TLS connections to our services for more information.

Contact us

If you have questions or need help, contact your account manager or DigiCert Support.

Сентябрь 30, 2022

Services API CertCentral Notifications Webhooks
new

CertCentral Services API: Webhooks

CertCentral supports webhook notifications when a certificate is issued.

You can now receive notifications when a certificate is issued without regularly querying the Orders API for the issuance status of your certificates. Your external application can wait to receive notification that the certificates are ready and then send a callback request to download the certificate, or programmatically alert the certificate owner.

Webhooks are currently a beta offering. To enable them for your account, contact your account representative or DigiCert Support.

Learn more

Сентябрь 27, 2022

Services API DCV domains domain control validation domain prevalidation
enhancement

CertCentral Services API: Keep the "www" subdomain label when adding a domain to your account

To give you more control over your domain prevalidation workflows, we added a new optional request parameter to the Add domain API endpoint: keep_www. Use this parameter to keep the www. subdomain label when you add a domain using a domain control validation (DCV) method of email, dns-txt-token, or dns-cname-token.

By default, if you are not using file-based DCV, the Add domain endpoint always removes the www. subdomain label from the name value. For example, if you send www.example.com, DigiCert adds example.com to your account and submits it for validation.

To keep the www and limit the scope of the approval to the www subdomain, set the value of the keep_www request parameter to true:

keep_www example JSON

Learn more

Август 30, 2022

documentation code signing certificates EV CS verified contact Verified Mark Certificates verified contact Services API EV TLS certificates
enhancement

CertCentral Services API: Added label for verified contacts

In the CertCentral Services API, we added a new contact_type label for verified contacts: verified_contact.

Use the verified_contact label to identify verified contacts for an organization when you submit a request for an EV TLS, Verified Mark, Code Signing, or EV Code Signing certificate. The updated label applies to all verified contacts, regardless of which product type the order is for.

For example, this JSON payload shows how to use the verified_contact label to add a verified contact to an organization in a new certificate order request:

verified_contact.png

Note: Before this change, verified contacts were always identified with the label ev_approver. The CertCentral Services API will continue accepting ev_approver as a valid label for verified contacts on EV TLS, Verified Mark, Code Signing, and EV Code Signing certificate orders. The verified_contact label works the same as the ev_approver label, but the name is updated to apply to all products that require a verified contact.

enhancement

Improved API documentation for adding organizations to Code Signing and EV Code Signing orders

We updated the Order code signing certificate API documentation to describe three ways to add an organization to your Code Signing (CS) or EV Code Signing (EV CS) order requests:

  1. Add an existing organization already validated for CS or EV CS certificate issuance.
  2. Add an existing organization not validated for CS or EV CS and submit the organization for validation with your order.
  3. Create a new organization and submit it for validation with your CS or EV CS order request.

Learn more: Order code signing certificate – CS and EV CS organization validation

Август 24, 2022

edit sans pending orders Services API CertCentral tls certificates New feature SSL certificates
new

CertCentral: Edit SANs on pending orders: new, renewals, and reissues

DigiCert is happy to announce that CertCentral allows you to modify the common name and subject alternative names (SANs) on pending orders: new, renewals, and reissues.

Tired of canceling an order and placing it again because a domain has a typo? Now, you can modify the common name/SANs directly from a pending order.

Items to note when modifying SANs

  • Only admins and managers can edit SANs on pending orders.
  • Editing domains does not change the cost of the order.
  • You can only replace a wildcard domain with another wildcard domain and a fully qualified domain name (FQDN) with another FQDN.
  • The total number of domains cannot exceed the number included in the original request.
  • Removed SANs can be added back for free, up to the amount purchased, any time after DigiCert issues your certificate.
  • To reduce the certificate cost, you must cancel the pending order. Then submit a new request without the SANs you no longer want the certificate to secure.

See for yourself

  1. In your CertCentral account, in the left main menu, go to Certificates > Orders.
  2. On the Orders page, select the pending order with the SANs you need to modify.
  3. On the certificate’s Order details page, in the Certificate status section, under What do you need to do, next to Prove control over domains, select the edit icon (pencil).

See Edit common name and SANs on a pending TLS/SSL order: new, renewals, and reissues.

CertCentral Services API: Edit SANs on a pending order and reissue

To allow you to modify SANs on pending new orders, pending renewed orders, and pending reissues in your API integrations, we added a new endpoint to the CertCentral Services API. To learn how to use the new endpoint, visit Edit domains on a pending order or reissue.

Август 22, 2022

DCV expiration dates list domains domain info DCV Services API domain prevalidation
enhancement

CertCentral Services API: New response parameters for Domain info and List domains endpoints

To make it easier for API clients to get the exact date and time domain validation reuse periods expire, we added new response parameters to the Domain info and List domains API endpoints:

  • dcv_approval_datetime: Completion date and time (UTC) of the most recent DCV check for the domain.
  • dcv_expiration_datetime: Expiration date and time (UTC) of the most recent DCV check for the domain.

Note: For domain validation expiration dates, use the new dcv_expiration_datetime response parameter instead of relying on the dcv_expiration.ov and dcv_expiration.ev fields. Since October 1, 2021, the domain validation reuse period is the same for both OV and EV TLS/SSL certificate issuance. The new dcv_expiration_datetime response parameter returns the expiration date for both OV and EV domain validation.

Learn more:

Август 6, 2022

CIS 2022 maintenance simple certificate enrollment profile. CertCentral Direct Cert Portal downtime ACME SCEP Direct Cert Portal API ACME agent automation certificate issuing service (CIS) Discovery API Services API ACME agent automation API discovery delayed responses
new

Upcoming scheduled maintenance

Some DigiCert services will be down for about 15 minutes during scheduled maintenance on August 6, 2022, 22:00 – 24:00 MDT (August 7, 2022, 04:00 – 06:00 UTC).

Infrastructure-related maintenance downtime

The infrastructure-related maintenance starts at 22:00 MDT (04:00 UTC). At that time, the services listed below may be down, or experience delayed responses for approximately 15 minutes.

Affected services:

CertCentral® / Services API

  • Unable to access your CertCentral account.
  • Services API will be unable to process requests.
  • APIs will return a "503 Service is unavailable" error.
  • Resubmit failed requests after services are restored.

CertCentral Automation / API

  • Reschedule automation events around maintenance.
  • If automation events cannot be rescheduled, retry failed events after services are restored.

CertCentral Discovery / API

  • Reschedule Discovery scans around maintenance.
  • If scans cannot be rescheduled, retry failed scans after services are restored.

CertCentral Certificate Issuing Service (CIS) and Simple Certificate Enrollment Protocol (SCEP)

  • Requests submitted during this time will fail.
  • APIs will return a "503 Service is unavailable" error.
  • Failed requests should be resubmitted after services are restored.

Direct Cert Portal / API

  • Unable to access your Direct Cert Portal account.
  • Direct Cert Portal API will be unable to process requests.
  • APIs will return a "503 Service is unavailable" error.
  • Resubmit failed requests after services are restored.

What can I do?
Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance starts and when maintenance ends.
  • For scheduled maintenance dates and times, see DigiCert 2022 scheduled maintenance.

Services will be restored as soon as the maintenance is completed.

Июль 11, 2022

reissues duplicate certificates Services API Multi-year plan archive
new

CertCentral Services API: Archive and restore certificates

To give API clients the option to hide unused certificates from API response data, we released new API endpoints to archive and restore certificates. By default, archived certificates do not appear in response data when you submit a request to the List reissues or List duplicates API endpoints.

New API endpoints

Updated API endpoints

We updated the List reissues and List duplicates endpoints to support a new optional URL query parameter: show_archived. If the value of show_archived is true, the response data includes archived certificates. If false (default), the response omits archived certificates.

Июль 9, 2022

2022 CertCentral PKI Platform 8 domain validation Direct Cert Portal TrustLink certificate issuance downtime ACME Direct Cert Portal API ACME agent automation Discovery API Services API TrustLink organization validation ACME agent automation API discovery
new

Upcoming Schedule Maintenance

Some DigiCert services will be down for a total of 20 minutes during scheduled maintenance on July 9, 2022, 22:00 – 24:00 MDT (July 10, 2022, 04:00 – 06:00 UTC).

Infrastructure-related maintenance downtime

The services listed below will be down for a total of 20 minutes while we perform our infrastructure-related maintenance. The downtime consists of two 10-minute windows, one at the start and one at the end of the infrastructure-related work:

  • Start: 22:00 – 22:10 MDT (UTC -6)
  • End: 23:30 – 23:40 MDT (UTC -6)*

*The plan is to end our maintenance at approximately 23:30 MDT (UTC –6). However, if issues occur, we will need to end this work early, which means the second downtime may happen earlier than planned.

Affected services

CertCentral® / Services API

  • Unable to access your CertCentral account.
  • Services API will be unable to process requests.
  • APIs will return a "503 Service is unavailable" error.
  • Resubmit failed requests after services are restored.

CertCentral Automation / API

  • Reschedule automation events around maintenance.
  • If automation events cannot be rescheduled, retry failed events after services are restored.

Discovery / API

  • Reschedule Discovery scans around maintenance.
  • If scans cannot be rescheduled, retry failed scans after services are restored.

Direct Cert Portal / API

  • Unable to access your Direct Cert Portal account
  • Direct Cert Portal API will be unable to process requests.
  • APIs will return a "503 Service is unavailable" error.
  • Resubmit failed requests after services are restored.

QuoVadis® TrustLink® certificate issuance

  • TrustLink certificate requests submitted during this time will be delayed
  • Requests will be queued and processed after services are restored

PKI Platform 8 new domain and organization validation

  • New domains submitted for validation during this time will be delayed.
  • New organizations submitted for validation during this time will be delayed.
  • Requests will be queued and processed after services are restored.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2022 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

Май 31, 2022

order info endpoint Services API certcentral requests
enhancement

CertCentral Services API: Improved Order info API response

Update: To give API consumers more time to evaluate the impact of the Order info API response changes on their integrations, we are postponing this update until May 31, 2022. We originally planned to release the changes described below on April 25, 2022.

On May 31, 2022, DigiCert will make the following improvements to the Order info API. These changes remove unused values and update the data structure of the order details object to be more consistent for orders in different states across product types.

For more information and response examples for public TLS, code signing, document signing, and Class 1 S/MIME certificates, see the reference documentation for the Order info endpoint.

If you have questions or need help with these changes, contact your account representative or DigiCert Support.

Need to test your API integration?

To help CertCentral Services API consumers evaluate the impact of these changes, DigiCert is providing a beta server for API consumers to test their integrations prior to the May 31, 2022 release. To learn more, see our knowledge base article: DigiCert CertCentral Services API beta server.

General enhancements

The following changes apply to orders for various certificate types irrespective of order status.

Removed parameters:

  • public_id (string)
    For all orders, the API will stop returning the public_id parameter. DigiCert no longer supports the Express Install workflow that required a public_id value.
  • certificate.ca_cert_id (string)
    For DV certificate orders, the API will stop returning the ca_cert_id parameter. The value of this parameter is an internal ID for the issuing ICA certificate and cannot be used externally. The API already excludes the ca_cert_id parameter from the order details for other product types.

    To get the name and public ID of the issuing ICA certificate associated with the order, use the ca_cert object instead.
  • verified_contacts (array of objects)
    For document signing certificate orders, the API will stop returning the verified_contacts array. The API already excludes the verified_contacts array from the order details for other product types.
  • certificate.dns_names (array of strings)
    If there are no DNS names associated with the order (for example, if the order is for a code signing, document signing, or Class 1 S/MIME certificate), the API will stop returning the dns_names array.

    Before, the API returned a dns_names array with an empty string: [" "]
  • certificate.organization_units (array of strings)
    If there are no organization units associated with the order, the API will stop returning an organization_units array.

    Before, for some product types, the API returned an organization_units array with an empty string: [" "]
  • certificate.cert_validity
    In the cert_validity object, the API will only return a key/value pair for the unit used to set the certificate validity period when the order was created. For example, if the validity period of the certificate is for 1 year, the cert_validity object will return a years parameter with a value of 1.

    Before, the cert_validity object sometimes returned values for both days and years.

Added parameters:

  • order_validity (object)
    For code signing, document signing, and client certificate orders, the API will start returning an order_validity object.

    The order_validity object returns the days, years, or custom_expiration_date for the order validity period. The API already includes an order_validity object in the order details for public SSL/TLS products.
  • payment_profile (object)
    For DV certificate orders, if the order is associated with a saved credit card, the API will start returning a payment_profile object. The API already includes a payment_profile object in the order details for other product types.
  • server_licenses
    For DV certificate orders, the API will start returning the server_licenses parameter. The API already includes the server_licenses parameter in the order details for other product types.

Unapproved order requests

The following changes apply only to certificate order requests that are pending approval or that have been rejected. These changes bring the data structure of the response closer to what the API returns after the request is approved and the order is submitted to DigiCert for validation and issuance.

To manage unapproved and rejected requests, we recommend using the Request endpoints (/request) instead of retrieving the order details. We designed the /request endpoints to manage pending and rejected certificate order requests, and these endpoints remain unchanged.

Note: For quicker certificate issuance, we recommend using a workflow that skips or omits the request approval step for new certificate orders. If your API workflow already skips or omits the approval step, you can safely ignore the changes below. Learn more about removing the approval step:

Added parameters:

  • disable_ct (boolean)
  • allow_duplicates (boolean)
  • cs_provisioning_method (string)

Removed parameters:

  • server_licenses (integer)
    For unapproved order requests, the API will stop returning the server_licenses parameter. The API will continue including the server_licenses parameter in order details for approved order requests.

Improved organization object
To provide a consistent data structure in the order details for unapproved and approved order requests, the API will return a modified organization object on unapproved order requests for some product types.

The API will stop returning the following unexpected properties on unapproved order requests for all product types:

  • organization.status (string)
  • organization.is_hidden (boolean)
  • organization.organization_contact (object)
  • organization.technical_contact (object)
  • organization.contacts (array of objects)

The API will start returning the following expected properties, if existing, on unapproved order requests for all product types:

  • organization.name (string)
  • organization.display_name (string)
  • organization.assumed_name (string)
  • organization.city (string)
  • organization.country (string)

To get organization details not included in the Order info response, use the Organization info API endpoint.

Май 19, 2022

api manage contacts Organization details page organization contact new endpoints technical contact New Services API
new

CertCentral: Update organization and technical contacts from the organization's details page

We are happy to announce you can now manage your organization and technical contacts from your organization's details page. This new feature allows you to replace incorrect contacts anytime.

Note: Before, you could only view the existing organization and technical contacts when visiting the organization's details page. The only way to replace an organization or technical contact was when requesting a TLS certificate.

The next time you visit an organization's details page, you can update the organization contact and technical contact for the organization. After editing a contact, you will see the new contact information the next time you order a certificate that includes organization and technical contacts.

Items to note when replacing contacts:

  • Replacing a contact is not retroactive and does not affect existing certificate orders, issued or pending.
  • Replacing the organization contact does not affect the organization validation. However, we will contact the organization directly to verify the new organization contact.

See for yourself

  1. In your CertCentral account, in the left main menu, go to Certificates > Organizations.
  2. On the Organizations page, select the name of the organization.
  3. On the organization's details page, you can now replace the organization contact and add, delete, and replace the technical contact.

Learn more:

new

CertCentral Services API: Update organization and technical contacts

To help you manage the organization and technical contacts for your organizations in your API integrations, we added the following endpoints to the CertCentral Services API:

Май 7, 2022

CIS 2022 DigiCert One CertCentral PKI Platform 8 domain validation Direct Cert Portal TrustLink certificate issuance downtime ACME certificate issuing service (CIS) Direct Cert Portal API ACME agent automation tls certificates Services API TLS certificate issuance TrustLink organization validation ACME agent automation API
new

Upcoming Schedule Maintenance

Update: There is no planned downtime during maintenance on May 7, MDT (May 8, UTC).

DigiCert will perform scheduled maintenance on May 7, 2022, between 22:00 – 24:00 MDT (May 8, 2022, between 04:00 – 06:00 UTC). Although we have redundancies to protect your services, some DigiCert services may be unavailable during this time.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • See the DigiCert 2022 maintenance schedule for maintenance dates and times.

Services will be restored as soon as we complete the maintenance.

Апрель 11, 2022

domain lock Services API CertCentral caa domains CAA resource record
new

CertCentral Services API: Domain locking API endpoints

DigiCert is happy to announce our domain locking feature is now available in the CertCentral Services API.

Note: Before you can use the domain locking endpoints, you must first enable domain locking for your CertCentral account. See Domain locking  – Enable domain locking for your account.

New API endpoints

Updated API endpoints

We updated the response for the Domain info and List domains endpoints to include the following parameters with domain lock details:

  • domain_locking_status (string)
    Domain lock status. Only returned if domain locking is enabled for the account.
  • account_token (string)
    Domain lock account token. Only returned if domain locking is enabled for the account, and if domain locking has been activated for the domain at least once.

To learn more, see:

Апрель 2, 2022

2022 PKI Platform 8 certificate issuing service (CIS) tls certificates downtime TLS certificate issuance ACME agent automation API User Authorization Agent (UAA) services DigiCert One ACME CertCentral domain validation TrustLink organization validation CIS Services API Direct Cert Portal scheduled maintenance SCEP Direct Cert Portal API ACME agent automation TrustLink certificate issuance
new

Upcoming Schedule Maintenance

DigiCert will perform scheduled maintenance on April 2, 2022, between 22:00 – 24:00 MDT (April 3, 2022, between 04:00 – 06:00 UTC). During this time, some services may be down for up to two hours.

Note: Maintenance will be one hour earlier for those who don't observe daylight savings.

Infrastructure-related maintenance downtime

We will start this infrastructure-related maintenance at 22:00 MDT (04:00 UTC). Then the services listed below may be down for up to two hours.

CertCentral® TLS certificate issuance:

  • TLS certificate requests submitted during this time will fail
  • Failed requests should be resubmitted after services are restored

CIS and CertCentral® SCEP:

  • Certificate Issuing Service (CIS) will be down
  • CertCentral Simple Certificate Enrollment Protocol (SCEP) will be down
  • Requests submitted during this time will fail
  • CIS APIs will return a "503 Service is unavailable" error
  • Failed requests should be resubmitted after services are restored

Direct Cert Portal new domain and organization validation:

  • New domains submitted for validation during this time will fail
  • New organizations submitted for validation during this time will fail
  • Failed requests should be resubmitted after services are restored

QuoVadis® TrustLink® certificate issuance:

  • TrustLink certificate requests submitted during this time will be delayed
  • Requests will be added to a queue for processing later
  • Queued-up requests will be processed after services are restored

PKI Platform 8 new domain and organization validation:

  • New domains submitted for validation during this time will fail
  • New organizations submitted for validation during this time will fail
  • Requests will be added to a queue for processing later
  • Queued-up requests will be processed after services are restored
  • Access to User Authorization Agent (UAA) services will be disabled: both the UAA Admin and User web portals

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2022 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

Март 10, 2022

Services API DCV CertCentral New CNAME DV Certificates domain control validation
new

CertCentral: DNS CNAME DCV method now available for DV certificate orders

In CertCentral and the CertCentral Services API, you can now use the DNS CNAME domain control validation (DCV) method to validate the domains on your DV certificate order.

Note: Before, you could only use the DNS CNAME DCV method to validate the domains on OV and EV certificate orders and when prevalidating domains.

To use the DNS CNAME DCV method on your DV certificate order:

  • In CertCentral:
    • When ordering a DV TLS certificate, you can select DNS CNAME as the DCV method.
    • On the DV TLS certificate's order details page, you can change the DCV method to DNS CNAME Record.
  • In the Services API:
    • When requesting a DV TLS certificate, set the value of the dcv_method request parameter to dns‑cname‑token.

Note: The AuthKey process for generating request tokens for immediate DV certificate issuance does not support the DNS CNAME DCV method. However, you can use the File Auth (http‑token) and DNS TXT (dns‑txt‑token) DCV methods. To learn more, visit DV certificate immediate issuance.

To learn more about using the DNS CNAME DCV method:

Март 8, 2022

domains Services API DCV pre-validation
enhancement

CertCentral Services API: Improved List domains endpoint response

To make it easier to find information about the domain control validation (DCV) status for domains in your CertCentral account, we added these response parameters to domain objects in the List domains API response:

  • dcv_approval_datetime: Completion date and time of the most recent DCV check for the domain.
  • last_submitted_datetime: Date and time the domain was last submitted for validation.

For more information, see the reference documentation for the List domains endpoint.

Март 5, 2022

2022 PKI Platform 8 certificate issuing service (CIS) tls certificates downtime TLS certificate issuance ACME agent automation API DigiCert One ACME CertCentral domain validation TrustLink organization validation CIS Services API Direct Cert Portal scheduled maintenance SCEP Direct Cert Portal API ACME agent automation TrustLink certificate issuance
new

Upcoming Schedule Maintenance

DigiCert will perform scheduled maintenance on March 5, 2022, between 22:00 – 24:00 MST (March 6, 2022, between 05:00 – 07:00 UTC). During this time, some services may be down for up to two hours.

Infrastructure-related maintenance downtime

We will start this infrastructure-related maintenance at 22:00 MST (05:00 UTC). Then the services listed below may be down for up to two hours.

CertCentral™ TLS certificate issuance:

  • TLS certificate requests submitted during this time will fail
  • Failed requests should be resubmitted after services are restored

CIS and CertCentral™ SCEP:

  • Certificate Issuing Service (CIS) will be down
  • CertCentral Simple Certificate Enrollment Protocol (SCEP) will be down
  • Requests submitted during this time will fail
  • CIS APIs will return a "503 Service is unavailable" error
  • Failed requests should be resubmitted after services are restored

Direct Cert Portal new domain and organization validation:

  • New domains submitted for validation during this time will fail
  • New organizations submitted for validation during this time will fail
  • Failed requests should be resubmitted after services are restored

QuoVadis™ TrustLink™ certificate issuance:

  • TrustLink certificate requests submitted during this time will be delayed
  • Requests will be added to a queue for processing later
  • Queued-up requests will be processed after services are restored

PKI Platform 8 new domain and organization validation:

  • New domains submitted for validation during this time will fail
  • New organizations submitted for validation during this time will fail
  • Requests will be added to a queue for processing later
  • Queued-up requests will be processed after services are restored

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2022 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

Февраль 17, 2022

bug fix CertCentral verified contact Services API EV TLS certificates
fix

CertCentral: Improved verified contact EV TLS certificate request approval process

In CertCentral and the CertCentral Services API, we updated the EV TLS certificate request process to only send the EV TLS request approval emails to the verified contacts you include on the certificate request.

Note: Before, when you requested an EV TLS certificate, we sent the EV order approval email to all the verified contacts for the organization.

Add verified contacts to an EV TLS certificate request:

  • CertCentral
    When requesting an EV TLS certificate, you can:
    • Keep the existing verified contacts assigned to the organization
    • Remove contacts (at least one is required)
    • Add new contacts (we must validate each new contact, which may delay certificate issuance).
  • Services API
    When requesting an EV TLS certificate, include the verified contacts in the organization.contacts array of the JSON request. For verified contacts, the value of the contact_type field is ev_approver.

To learn more about EV TLS certificate requests:

Февраль 9, 2022

CertCentral API DCV tokens expiration dates Services API Domain info
enhancement

CertCentral Services API: Domain info enhancement

We updated the Domain info API response to include the expiration_date parameter for the DCV token associated with the domain. Now, when you call the Domain info API and set the value of the include_dcv query parameter to true, the dcv_token object in the response includes the expiration_date of the DCV token for the domain.

Январь 24, 2022

Domains page CertCentral completed-validated filter List domains endpoint enhancement Services API
enhancement

Improved Domains page, Validation status filter—Completed / Validated

On the Domains page, in the Validation status dropdown, we updated the Completed / Validated filter to make it easier to find domains with completed and active domain control validation (DCV).

Note: Before, when you searched for domains with Completed / Validated DCV, we returned all domains with completed DCV even if the domain validation had expired.

Now, when you search for domains with Completed / Validated DCV, we only return domains with completed and active DCV in your search results. To find domains with expired DCV, use the Expired filter in the Validation status dropdown.

Find domains with completed and active DCV

  1. In CertCentral, in the left main menu, go to Certificates > Domains.
  2. On the Domains page, in the Validation status dropdown, select Completed / Validated.
enhancement

CertCentral Services API: List domains enhancement

For the List domains API, we updated the filters[validation]=completed filter to make it easier to find domains validated for OV or EV certificate issuance.

Before, this filter returned all domains with completed DCV checks, even if the domain validation had expired. Now, the filter only returns domains with an active OV or EV domain validation status

Январь 8, 2022

CIS DigiCert One CertCentral PKI Platform 8 Direct Cert Portal ACME scheduled maintenance SCEP ACME agent automation certificate issuing service (CIS) Services API TrustLink discovery
new

Upcoming Scheduled Maintenance

DigiCert will perform scheduled maintenance on January 8, 2022, between 22:00 – 24:00 MST (January 9, 2022, between 05:00 – 07:00 UTC). Although we have redundancies to protect your service, some DigiCert services may be unavailable during this time.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • If you use the APIs for immediate certificate issuance and automated tasks, expect interruptions.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2022 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

Декабрь 31, 2021

PKI Platform 7 QuoVadis ACME scheduled maintenance Direct Cert Portal API SCEP CIS api certificate issuance DigiCert One 2021 PKI Platform 8 validation certcentral Direct Cert Portal ACME agent automation Discovery API Services API ACME agent automation API discovery
new

Для упрощения процесса планирования задач, связанных с вашими сертификатами, нами заранее разработан график обслуживания на 2021 год. См.  График обслуживания DigiCert на 2021 г.— эта страница постоянно обновляется, и на ней отображается вся информация, относящаяся к графику обслуживания.

У нас имеется множество пользователей во всем мире, поэтому сложно выбрать время, устраивающее всех. Однако после анализа данных о загрузке наших клиентов мы постарались выбрать периоды времени, в которые будет нарушаться работа минимального числа наших клиентов.

О нашем графике обслуживания

  • Проведение обслуживание планируется на первые выходные каждого месяца, если не указано иное.
  • Планируемая продолжительность периода обслуживания составляет 2 часа.
  • Несмотря на то, что мы имеем резерв, позволяющий защитить вашу службу, некоторые сервисы DigiCert могут оказаться недоступными.
  • После завершения обслуживания выполнение всех обычных операций возобновляется.

Если вам требуется более подробная информация об этих окнах обслуживания, обратитесь к своему менеджеру по учётная запись или в  службу поддержки DigiCert. Для обновления в реальном времени подпишитесь на страницу Статус DigiCert.

Декабрь 4, 2021

CIS DigiCert One CertCentral PKI Platform 8 Direct Cert Portal PKI Platfom 8 API ACME scheduled maintenance SCEP Direct Cert Portal API ACME agent automation Discovery API Services API TrustLink ACME agent automation API discovery
new

Upcoming Scheduled Maintenance

DigiCert will perform scheduled maintenance on December 4, 2021, between 22:00 – 24:00 MST (December 5, 2021, between 05:00 – 07:00 UTC). Although we have redundancies to protect your service, some DigiCert services may be unavailable during this time.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

Ноябрь 16, 2021

File api OV SSL certificates DCV CertCentral domain validation DV SSL certificates http token HTTP Practical Demonstration EV SSL certificates tls certificates FileAuth Services API SSL certificates domain control validation wildcard domains http auth SC45 domain prevalidation file-based DCV
compliance

Industry changes to file-based DCV (HTTP Practical Demonstration, file auth, file, HTTP token, and HTTP auth)

To comply with new industry standards for the file-based domain control validation (DCV) method, you can only use the file-based DCV to demonstrate control over fully qualified domain names (FQDNs), exactly as named.

To learn more about the industry change, see Domain validation policy changes in 2021.

How does this affect me?

As of November 16, 2021, you must use one of the other supported DCV methods, such as Email, DNS TXT, and CNAME, to:

  • Validate wildcard domains (*.example.com)
  • To include subdomains in the domain validation when validating the higher-level domain. For example, if you want to cover www.example.com, when you validate the higher-level domain, example.com.
  • Prevalidate entire domains and subdomains.

To learn more about the supported DCV method for DV, OV, and EV certificate requests:

compliance

CertCentral: Pending certificate requests and domain prevalidation using file-based DCV

Pending certificate request

If you have a pending certificate request with incomplete file-based DCV checks, you may need to switch DCV methods* or use the file-based DCV method to demonstrate control over every fully qualified domain name, exactly as named, on the request.

*Note: For certificate requests with incomplete file-based DCV checks for wildcard domains, you must use a different DCV method.

To learn more about the supported DCV methods for DV, OV, and EV certificate requests:

Domain prevalidation

If you plan to use the file-based DCV method to prevalidate an entire domain or entire subdomain, you must use a different DCV method.

To learn more about the supported DCV methods for domain prevalidation, see Supported domain control validation (DCV) methods for domain prevalidation.

compliance

CertCentral Services API

If you use the CertCentral Services API to order certificates or submit domains for prevalidation using file-based DCV (http-token), this change may affect your API integrations. To learn more, visit File-based domain control validation (http-token).

Ноябрь 6, 2021

CIS DigiCert One CertCentral PKI Platform 8 Direct Cert Portal TrustLink certificate issuance ACME DV SSL certificates scheduled maintenance SCEP Direct Cert Portal API ACME agent automation Discovery API Services API DV certificate issuance TrustLink ACME agent automation API discovery
new

Upcoming Schedule Maintenance

DigiCert will perform scheduled maintenance on November 6, 2021, between 22:00 – 24:00 MDT (November 7, 2021, between 04:00 – 06:00 UTC).

CertCentral infrastructure-related maintenance downtime

We will start this infrastructure-related maintenance between 22:00 and 22:10 MDT (04:00 and 04:10 UTC). Then, for approximately 30 minutes, the following services will be down:

DV certificate issuance for CertCentral, ACME, and ACME agent automation

  • DV certificate requests submitted during this time will fail
  • APIs will return a "cannot connect" error
  • Failed requests should be resubmitted after services are restored

CIS and SCEP

  • Certificate Issuing Service (CIS) will be down
  • Simple Certificate Enrollment Protocol (SCEP) will be down
  • DigiCert will be unable to issue certificates for CIS and SCEP
  • APIs will return a "cannot connect" error
  • Requests that return "cannot connect" errors should be resubmitted after services are restore

QuoVadis TrustLink certificate issuance

  • TrustLink certificate requests submitted during this time will fail
  • However, failed requests will be added to a queue for processing later
  • Queued-up requests will be processed after services are restored, as required

This maintenance only affects DV certificate issuance, CIS, SCEP, and TrustLink certificate issuance. It does not affect any other DigiCert platforms or services .

PKI Platform 8 maintenance

We will start the PKI Platform 8 maintenance at 22:00 MDT (04:00 UTC). Then, for approximately 30 minutes, the PKI Platform 8 will experience service delays and performance degradation that affect:

  • Signing in and using your PKI Platform 8 to perform in-console certificate lifecycle tasks.
  • Using any of your PKI Platform 8 corresponding APIs or protocols (for example, SOAP, REST, SCEP, and EST) to perform certificate lifecycle operations.
  • Performing certificate lifecycle tasks/operations:
    • Enrolling certificates: new, renew, or reissues
    • Adding domains and organizations
    • Submitting validation requests
    • Viewing reports, revoking certificates, and creating profiles
    • Adding users, viewing certificates, and downloading certificates
  • Certificate issuance for PKI Platform 8 and its corresponding API.

Additionally:

  • APIs will return a "cannot connect" error.
  • Certificate enrollments that receive "cannot connect" errors must be resubmitted after DigiCert restores services.

The PKI Platform 8 maintenance only affects PKI Platform 8. It does not affect any other DigiCert platforms or services.

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

Октябрь 2, 2021

CIS DigiCert One CertCentral PKI Platform 8 Direct Cert Portal PKI Platform 8 certificate issuance PKI Platform 8 validation ACME scheduled maintenance SCEP Direct Cert Portal API ACME agent automation Discovery API Services API ACME agent automation API discovery
new

Upcoming Schedule Maintenance

On October 2, 2021, between 22:00 – 24:00 MDT (October 3, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.

CertCentral, CIS, SCEP, Direct Cert Portal, and DigiCert ONE maintenance

DigiCert will perform scheduled maintenance. Although we have redundancies to protect your service, some DigiCert services may be unavailable during this time.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

PKI Platform 8 maintenance and downtime:

DigiCert will perform scheduled maintenance on PKI Platform 8. During this time, the PKI Platform 8 and its corresponding APIs will be down for approximately 20 minutes.

We will start the PKI Platform 8 maintenance at 22:00 MDT (04:00 UTC).

Then, for approximately 20 minutes:

  • You will be unable to sign in and use your PKI Platform 8 to perform in-console certificate lifecycle tasks.
  • You will be unable to use any of your PKI Platform 8 corresponding APIs or protocols (for example, SOAP, REST, SCEP, and EST) to perform certificate lifecycle operations.
  • You will be unable to:
    • Enroll certificates: new, renew, or reissues
    • Add domains and organizations
    • Submit validation requests
    • View reports, revoke certificates, and create profiles
    • Add users, view certificates, and download certificates
  • DigiCert will be unable to issue certificates for PKI Platform 8 and its corresponding API.
  • APIs will return a "cannot connect" error.
  • Certificate enrollments that receive "cannot connect" errors must be resubmitted after DigiCert restores services.

The PKI Platform 8 maintenance only affects PKI Platform 8. It does not affect any other DigiCert platforms or services.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

Сентябрь 11, 2021

CIS DigiCert One CertCentral PKI Platform 8 Direct Cert Portal PKI Platform 8 certificate issuance PKI Platform 8 validation PKI Platfom 8 API ACME scheduled maintenance SCEP Direct Cert Portal API ACME agent automation Discovery API Services API ACME agent automation API discovery
new

Upcoming Schedule Maintenance

On September 11, 2021, between 22:00 – 24:00 MDT (September 12, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.

CertCentral, CIS, SCEP, Direct Cert Portal, and DigiCert ONE maintenance

DigiCert will perform scheduled maintenance. Although we have redundancies to protect your service, some DigiCert services may be unavailable during this time.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

PKI Platform 8 maintenance and downtime:

DigiCert will perform scheduled maintenance on PKI Platform 8. During this time, the PKI Platform 8 and its corresponding APIs will be down for approximately 60 minutes.

We will start the PKI Platform 8 maintenance at 22:00 MDT (04:00 UTC).

Then, for approximately 60 minutes:

  • You will be unable to sign in and use your PKI Platform 8 to perform in-console certificate lifecycle tasks.
  • You will be unable to use any of your PKI Platform 8 corresponding APIs or protocols (for example, SOAP, REST, SCEP, and EST) to perform certificate lifecycle operations.
  • You will be unable to:
    • Enroll certificates: new, renew, or reissues
    • Add domains and organizations
    • Submit validation requests
    • View reports, revoke certificates, and create profiles
    • Add users, view certificates, and download certificates
  • DigiCert will be unable to issue certificates for PKI Platform 8 and its corresponding API.
  • APIs will return a "cannot connect" error.
  • Certificate enrollments that receive "cannot connect" errors must be resubmitted after DigiCert restores services.

The PKI Platform 8 maintenance only affects PKI Platform 8. It does not affect any other DigiCert platforms or services.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete our maintenance.

Сентябрь 8, 2021

DCV expiration dates OV validation list domains domain info DCV CertCentral domain validation API filters list subaccount domains expiring domains count Services API
enhancement

CertCentral Services API: Domain management enhancements

To make it easier to maintain active validation for domains in your account, we added new filters, response fields, and a new endpoint to our domain management APIs. With these updates, you can:

  • Find domains with OV and EV validation reuse periods that are expired or expiring soon.
  • Find domains affected by the September 27, 2021 policy change to shorten OV domain validation reuse periods.*

Enhanced APIs: List domains and List subaccount domains

We made the following enhancements to the List domains and List subaccount domains endpoints:

  • Added validation filter values
    On September 27, 2021*, existing OV domain validation reuse periods will shorten to 397 days from the date validation was completed. For some domains, the reduced validation period will have already expired, or will expire before the end of 2021.

    To help you find these domains so you can resubmit them for validation, we added a new value for the validation filter: shortened_by_industry_changes. We also added filter values to help you find domains with OV or EV domain validation periods that expire in different timeframes. The new validation filter values include:
    • shortened_by_industry_changes
    • ov_expired_in_last_7_days
    • ov_expiring_within_7_days
    • ov_expiring_within_30_days
    • ov_expiring_from_31_to_60_days
    • ov_expiring_from_61_to_90_days
    • ev_expired_in_last_7_days
    • ev_expiring_within_7_days
    • ev_expiring_within_30_days
    • ev_expiring_from_31_to_60_days
    • ev_expiring_from_61_to_90_days
  • Added fields to the dcv_expiration object
    You can now submit a request that returns the following fields in the dcv_expiration object: ov_shortened, ov_status, ev_status, and dcv_approval_date. These fields only return if your request includes the newly added query string filters[include_validation_reuse_status]=true.
  • Added dcv_method filter
    We added the option to filter domains by domain control validation (DCV) method. To use this filter, append the query string filters[dcv_method]={{value}} to the request URL. Possible values are email, dns-cname-token, dns-txt-token, http-token, and http-token-static.

Enhanced API: Domain info
You can now submit a request to the Domain info endpoint that returns the following fields in the dcv_expiration object: ov_shortened, ov_status, ev_status, and dcv_approval_date. These fields only return if your request includes the newly added query string include_validation_reuse_status=true.

New API: Expiring domains count

We added a new endpoint that returns the number of domains in your account with expired or expiring OV or EV domain validations. For more information, see Expiring domains count.

*On September 27, 2021, the expiration date for existing OV domain validations will shorten to 397 days from the date validation was completed. Learn more about this policy change: Domain validation changes in 2021.

Сентябрь 7, 2021

Services API CertCentral order details alternative order id
new

CertCentral Services API: Get orders by alternative order ID

We created a new endpoint to make it easier to get certificate order details using alternative order IDs: Get orders by alternative order ID. This endpoint returns the order ID, certificate ID, and order status of certificate orders with the alternative_order_id you provide in the URL path.

Июль 12, 2021

CertCentral VMC Verified Mark Certificates new endpoints updated endpoints Services API
new

Verified Mark Certificates available now.

Verified Mark Certificates (VMCs) are a new type of certificate that allow companies to place a certified brand logo next to the “sender” field in customer inboxes—visible before the message is opened—acting as confirmation of your domain’s DMARC status and your organization’s authenticated identity. Learn more about VMC certificates.

To disable or change availability of VMC in your account, visit the Product Settings page.

Note: If you do not see VMCs in your account, it may be because we are not offering the product to all account types yet. It is also possible that the product is available, but one of your CertCentral account’s administrators turned the product off in Product Settings.

new

CertCentral Services API: Verified Mark Certificate enhancements

To help you manage your Verified Mark Certificate (VMC) orders in your API integrations, we’ve made the following updates to the CertCentral Services API.

New endpoints:

Updated endpoints:

  • Order info
    We updated the Order info endpoint to return a vmc object with the trademark country code, registration number, and logo information for VMC orders.
  • Email certificate
    We updated the Email certificate endpoint to support emailing a copy of your issued VMC.

To learn more about managing VMC certificates from your API integrations, visit Verified Mark Certificate workflow.

Июль 10, 2021

CIS api DigiCert One CertCentral Direct Cert Portal ACME scheduled maintenance SCEP Direct Cert Portal API ACME agent automation Discovery API Services API ACME agent automation API discovery DigiCert ONE Managers
new

Upcoming schedule maintenance

On July 10, 2021, between 22:00 – 24:00 MDT (July 11, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.

During maintenance, for approximately 60 minutes, the services specified below under Service downtime will be down. Due to the scope of the maintenance, the services specified below under Service interruptions may experience brief interruptions during a 10-minute window.

Service downtime

From 22:00 – 23:00 MDT (04:00 – 05:00 UTC), while we perform database-related maintenance, the following services will be down for up to 60 minutes:

  • CertCentral / Services API
  • Direct Cert Portal / API
  • ACME
  • Discovery / API
  • ACME agent automation / API

API Note: Affected APIs will return “cannot connect” errors. Certificate-related API requests that return a “cannot connect” error message during this window will need to be placed again after services are restored.

Service interruptions

During a 10-minute window, while we perform infrastructure maintenance, the following DigiCert service may experience brief service interruptions:

  • Certificate Issuing Service (CIS)
  • Simple Certificate Enrollment Protocol (SCEP)
  • DigiCert ONE
  • Automation service
  • CT Log monitoring
  • Vulnerability assessment
  • PCI compliance scans

Services not affected

These services are not affected by the maintenance activities:

  • PKI Platform 8
  • PKI Platform 7
  • QuoVadis TrustLink

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance starts and when maintenance ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as the maintenance is completed.

Июнь 5, 2021

CIS api DigiCert One CertCentral PKI Platform 8 Direct Cert Portal PKI Platform 7 QuoVadis scheduled maintenance SCEP Services API
new

Upcoming scheduled maintenance

On June 5, 2021, between 22:00 – 24:00 MDT (June 6, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance. Although we have redundancies to protect your service, some DigiCert services may be unavailable during this time.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance starts and when maintenance ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

Июнь 3, 2021

OV SSL certificates domain validation EV SSL certificates Services API order endpoints
enhancement

CertCentral Services API: Improved domains array in OV/EV order response

To make it easier to see how the Services API groups the domains on your OV/EV TLS certificate orders for validation, we added a new response parameter to the endpoints for submitting certificate order requests: domains[].dns_name.*

The dns_name parameter returns the common name or SAN of the domain on the order. To prove you control this domain, you must have an active validation for the domain associated with the domains[].name and domains[].id key/value pairs.

Example OV certificate order

JSON payload:

JSON payload

JSON response:

JSON response

The Services API returns the domains[].dns_name parameter in the JSON response for the following endpoints:

*Note: Only order requests for OV/EV TLS certificates return a domains array.

Май 1, 2021

CIS api DigiCert One CertCentral PKI Platform 8 Direct Cert Portal PKI Platform 7 QuoVadis ACME scheduled maintenance SCEP Direct Cert Portal API ACME agent automation Discovery API Services API TrustLink ACME agent automation API DigiCert ONE Managers
new

Upcoming scheduled maintenance

On May 1, 2021, between 22:00 – 24:00 MDT (May 2, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.

For up to 10 minutes total during the 2-hour window, we will be unable to issue certificates for the DigiCert platforms, their corresponding APIs, immediate certificate issuance, and those using the APIs for other automated tasks.

Affected services:

  • CertCentral / Service API
  • ACME
  • ACME agent automation / API
  • Direct Cert Portal / API
  • Certificate Issuing Service (CIS)
  • Simple Certificate Enrollment Protocol (SCEP)
  • QuoVadis TrustLink

Services not affected

  • PKI Platform 8
  • PKI Platform 7
  • DigiCert ONE managers

API note:

  • APIs will return "cannot connect" errors.
  • Certificate requests submitted during this window that receive a "cannot connect" error message will need to be placed again after services are restored.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance starts and when maintenance ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

Апрель 29, 2021

deprecated parameter validation status domain validation Services API Domain info
enhancement

CertCentral Services API: Domain validation status in Domain info response

To make it easier to get a comprehensive validation status for your domains, DigiCert is deprecating the status parameter in the Domain info response. To ensure you are getting complete and accurate status information for each different validation type on your domains, you should use the validations array when you call the Domain info endpoint from your API integrations instead.

Note: The Domain info endpoint will continue to return a status parameter value.

Background

In the Domain info response, the status parameter is designed to return a single string value. When DigiCert offered fewer products, a single value in the API was enough to represent the validation status for your domains.

Now, DigiCert offers certificate products that use many different types of validation. Different validation types have different requirements, and these requirements change as industry standards evolve. As DigiCert validates your domains for different types of certificate issuance, each type of validation that you request can be in a different state.

For example:

  • The OV validation for a domain may be completed.
  • The EV validation for the same domain may be expired.

As a result, DigiCert can no longer use a single value to return comprehensive information about the validation status for a domain.

Instead of relying on a single value, use the Domain info endpoint to request a validations array – a list of objects with status information for each type of validation on the domain. To get this data, include the query parameter include_validation=true when you submit your request.

For example:

Example validations array in domain info response data

Learn more about using the Domain info endpoint

Апрель 28, 2021

Smart Seal Site Seals Services API CertCentral Site seal information page secure site Secure Site Pro
new

CertCentral Services API: Site seal enhancements

To help you manage your site seals in your API integrations, we’ve made the following updates to the CertCentral Services API:

  • New endpoint: Upload site seal logo
    We added a new endpoint – Upload site seal logo – you can use to upload your company logo for use with a DigiCert Smart Seal. This logo appears in the site seal on your website. Note: Only Secure Site and Secure Site Pro SSL/TLS certificates support the option to display your company logo in the site seal.
  • New endpoint: Update site seal settings
    We added a new endpoint – Update site seal settings – you can use to change the appearance of your site seal and the information that displays on the site seal information page.
  • Updated endpoint: Get site seal settings
    We updated the Site seal settings endpoint to return information about each property you can customize with the Update site seal settings endpoint.

Related topics:

Апрель 26, 2021

certificate id serial number revoke certificate endpoint enhancement Services API
enhancement

CertCentral Services API: Revoke certificate by serial number

To make it easier to manage certificates from your API integrations, we updated the Revoke certificate endpoint path to accept the certificate ID or the serial number of the certificate to revoke. Previously, the Revoke certificate endpoint path only accepted the certificate ID.

Example Revoke certificate path using the certificate ID:

https://www.digicert.com/services/v2/certificate/{{certificate_id}}/revoke

Example Revoke certificate path using the certificate serial number:

https://www.digicert.com/services/v2/certificate/{{serial_number}}/revoke

Learn more about using the Revoke certificate endpoint

Апрель 3, 2021

CIS api DigiCert One CertCentral PKI Platform 8 Direct Cert Portal PKI Platform 7 QuoVadis ACME scheduled maintenance Direct Cert Portal API ACME agent automation Discovery API Services API TrustLink ACME agent automation API discovery DigiCert ONE Managers
new

Upcoming scheduled maintenance

On April 3, 2021, between 22:00 – 24:00 MDT (April 4, 2021, between 04:00 – 06:00 UTC), DigiCert will perform scheduled maintenance.

During maintenance, for up to 10 minutes, we will be unable to issue certificates for the DigiCert platforms, their corresponding APIs, immediate certificate issuance, and those using the APIs for other automated tasks.

Affected services

For approximately 10 minutes, DigiCert will be unable to issue certificates for these services and APIs:

  • CertCentral / Service API
  • ACME
  • ACME agent automation / API
  • Direct Cert Portal / API
  • Certificate Issuing Service (CIS)
  • Simple Certificate Enrollment Protocol (SCEP)
  • QuoVadis TrustLink

Services not affected

These services are not affected by the maintenance activities:

  • PKI Platform 8 / API
  • PKI Platform 8 SCEP
  • PKI Platform 7 / API
  • PKI Platform 7 SCEP
  • DigiCert ONE managers

API note:

  • APIs will return "cannot connect" errors.
  • Certificate requests submitted during this window that receive a "cannot connect" error message will need to be placed again after services are restored.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance starts and when maintenance ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

Март 17, 2021

Pay invoice page request parameter CertCentral pay invoice Purchase order and invoice page New enhancement Services API purchase orders View. balance endpoint
new

CertCentral: New purchase order and invoice system

We are happy to announce that we are using a new purchase order and invoice system in CertCentral. We've made several changes to make it easier for you to manage your purchase orders and invoices.

The next time you sign in to CertCentral, you will see two new menu options under Finances: Pay Invoice and Purchase Orders and Invoices. Additionally, we now send all invoice emails from our new invoice system.

Pay invoices page

When you open the Pay invoice page, all invoices are preselected by default. You can choose to pay them all or select those you want to pay.

Note: If you use divisions with separate funds, when you open the Pay invoice page, all invoices for the top-level division are selected by default. Use the For dropdown to view the unpaid invoices by division in your account.

Purchase orders and invoices page

On the new Purchase orders and invoices page, you can create a purchase order (PO). In the Purchaseorders table, you can view pending and rejected POs. After we approve a PO, it becomes an invoice and moves to the Invoices table.

Note: If you use divisions with separate funds, you see the Purchase order and invoice summary page. When you click a division name, it opens the Purchase order and invoices page, where you can view the POs and invoices for that division.

In the Invoices column of the Invoices table, you can see the invoice number and the PO from which we generated it. You can download a copy of the invoice or pay the invoice. When you click Pay invoice, we take you to the Pay invoice page to pay the invoice and make the funds available in your account.

Existing PO and Invoice migration

  • Autogenerated invoices
    When we migrated our billing system, we did not migrate your autogenerated invoices. At the end of March, we will autogenerate a new invoice for your total amount owed. However, you can make a payment on your account at any time on the Deposit Funds page (in the left main menu, go to Finances > Deposit Funds).
  • Invoices generated from approved purchase orders
    When we migrated your invoices to the new system, we gave them new invoice numbers. However, the associated purchase order number remains the same. If you have questions or trouble finding an invoice, please contact your account manager or DigiCert Accounts Receivable. Make sure to include your PO number and the original invoice number in the email.
enhancement

CertCentral Services API: View balance enhancements

To help you track financial data in your API integrations, we updated the View balance endpoint to return the following data:

  • unpaid_invoice_balance
    Unpaid invoice balance
  • negative_balance_limit
    Amount the balance can go into the negative
  • used_credit_from_other_containers
    Amount owed by other divisions in the account (for accounts with separate division funds enabled)
  • total_available_funds
    Total funds available for future purchases

Example response: 

Example response from the View balance endpoint

For more information, see the documentation for the View balance endpoint.

Март 12, 2021

reissues flexible certificates new endpoints DV SSL certificates intermediate CA certificates updated endpoints ICA selection New auto-reissue Services API Multi-year plan
enhancement

CertCentral Services API: Auto-reissue support for Multi-year Plans

We are happy to announce that the CertCentral Services API now supports automatic certificate reissue requests (auto-reissue) for Multi-year Plans. The auto-reissue feature makes it easier to maintain SSL/TLS coverage on your Multi-year Plans.

You can enable auto-reissue for individual orders in your CertCentral account. When auto-reissue is enabled, we automatically create and submit a certificate reissue request 30 days before the most recently issued certificate on the order expires.

Enable auto-reissue for a new order

To give you control over the auto-reissue setting for new Multi-year Plans, we added a new request parameter to the endpoints for ordering DV, OV, and EV TLS/SSL certificates: auto_reissue.

By default, auto-reissue is disabled for all orders. To enable auto-reissue when you request a new Multi-year Plan, set the value of the auto_reissue parameter to 1 in the body of your request.

Example request body:

Example order request body with auto reissue enabled

Note: In new order requests, we ignore the auto_reissue parameter if:

  • The product does not support Multi-year Plans.
  • Multi-year Plans are disabled for the account.

Update auto-reissue setting for existing orders

To give you control over the auto-reissue setting for existing Multi-year Plans, we added a new endpoint: Update auto-reissue settings. Use this endpoint to enable or disable the auto-reissue setting for an order.

Get auto-reissue setting for an existing order

To help you track the auto-reissue setting for existing certificate orders, we added a new response parameter to the Order info endpoint: auto_reissue. The auto_reissue parameter returns the current auto-reissue setting for the order.

new

ICA certificate chain selection for public DV flex certificates

We are happy to announce that select public DV certificates now support Intermediate CA certificate chain selection:

  • GeoTrust DV SSL
  • Thawte SSL 123 DV
  • RapidSSL Standard DV
  • RapidSSL Wildcard DV
  • Encryption Everywhere DV

You can add a feature to your CertCentral account that enables you to control which DigiCert ICA certificate chain issues the end-entity certificate when you order these public DV products.

This feature allows you to:

  • Set the default ICA certificate chain for each supported public DV certificate.
  • Control which ICA certificate chains certificate requestors can use to issue their DV certificate.

Configure ICA certificate chain selection

To enable ICA selection for your account:

  1. Contact your account manager or our Support team.
  2. Then, in your CertCentral account, in the left main menu, go to Settings > Product Settings.
  3. On the Product Settings page, configure the default and allowed intermediates for each supported and available DV certificate.

For more information and step-by-step instructions, see the Configure the ICA certificate chain feature for your public TLS certificates.

new

DigiCert Services API: DV certificate support for ICA certificate chain selection

In the DigiCert Services API, we made the following updates to support ICA selection in your DV certificate order requests:

Pass in the issuing ICA certificate's ID as the value for the ca_cert_id parameter in your order request's body.

Example DV certificate request:

Example DV TLS certificate request

For more information about using ICA selection in your API integrations, see DV certificate lifecycle – Optional ICA selection.

Март 6, 2021

CIS api DigiCert One CertCentral PKI Platform 8 Direct Cert Portal PKI Platform 7 QuoVadis ACME scheduled maintenance SCEP Direct Cert Portal API ACME agent automation Discovery API Services API ACME agent automation API discovery
new

Upcoming scheduled maintenance

On March 6, 2021, between 22:00 – 24:00 MST (March 7, 2021, between 05:00 – 07:00 UTC), DigiCert will perform scheduled maintenance.

Although we have redundancies in place to protect your service, some DigiCert services may be unavailable during this time.

What can you do?

Please plan accordingly.

  • Schedule your high-priority orders, renewals, and reissues around the maintenance window.
  • To get live maintenance updates, subscribe to the DigiCert Status page. The subscription includes emails to let you know when maintenance starts and ends.
  • For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.

Services will be restored as soon as the maintenance is completed.

Февраль 19, 2021

domains Services API subaccounts organizations
new

CertCentral Services API: Новые конечные точки субучётная запись

Чтобы упростить управление субучетными записями, мы добавили две новые конечные точки в CertCentral Services API: Список доменов субучётная запись и Список организаций субучётная запись.

Февраль 17, 2021

Services API subaccounts Multi-year plan certcentral
enhancement

CertCentral Services API: Улучшена конечная точка «Создать субyчётная запись»

Чтобы предоставить вам больше возможностей для управления вашими субучетными записями, мы добавили два новых параметра запроса в конечную точку Создать субyчётная запись: child_name и max_allowed_multi_year_plan_length.

  • child_name – Используйте этот параметр, чтобы задать пользовательское отображаемое имя субучётная запись.
  • max_allowed_multi_year_plan_length – Используйте этот параметр для настройки максимальной продолжительности действия заказов на план долгосрочного обслуживания для субучётная запись.

Пример запроса JSON:

Create subaccount example request

После создания субучётная запись используйте конечную точку Информация о субучётная запись для просмотра "отображаемого" имени субучётная запись и допустимой продолжительности действия заказа на план долгосрочного обслуживания.

Февраль 6, 2021

certificate issuance DigiCert One CertCentral validation Direct Cert Portal QuoVadis QV Trust Link ACME SCEP Direct Cert Portal API ACME agent automation Discovery API Services API ACME agent automation API discovery MSSL CIS CWS
new

Предстоящее плановое техническое обслуживание

6 февраля 2021 г. с 22:00 до 24:00 MST (07 февраля 2021 г. с 05:00 до 07:00 UTC, DigiCert будет проводить критически важное техническое обслуживание.

Во время обслуживания перечисленные ниже службы будут отключены приблизительно в течение 60 минут. Тем не менее, в связи с объемом выполняемых работ могут возникнуть дополнительные перерывы в работе служб в течение двух часов.

Вы не сможете авторизоваться на этих платформах и получить доступ к этим службам и API:

  • CertCentral / API служб
  • Direct Cert Portal / Direct Cert Portal API
  • Служба выпуска сертификатов (CIS)
  • Простой протокол регистрации сертификатов (SCEP)
  • Discovery / API
  • ACME
  • Автоматизация агентов ACME / API

DigiCert не сможет выдавать сертификаты для этих служб и API:

  • CertCentral / API служб
  • Direct Cert Portal / Direct Cert Portal API
  • Служба выпуска сертификатов (CIS)
  • Простой протокол регистрации сертификатов (SCEP)
  • Полная безопасность веб-сайтов (CWS) / API
  • Managed PKI для SSL (MSSL) / API
  • QV Trust Link

На работу этих служб не повлияет проведение технического обслуживания:

  • PKI Platform 8
  • PKI Platform 7
  • Менеджеры DigiCert ONE

Примечание по API:

  • Службы по обработке транзакций, связанных с сертификатами, будут недоступны, например, размещение запросов на сертификаты, добавление доменов и размещение запросов на подтверждение полномочий.
  • API-интерфейсы будут выдавать ошибки в связи с “невозможностью установления соединения”.
  • Запросы на сертификаты, размещаемые в течение данного периода, и в ответ на которые появляется сообщение об ошибке "Невозможно подключиться", необходимо будет разместить повторно после восстановления работы служб.

Что я могу сделать?

Планируйте свою деятельность соответствующим образом:

  • Не планируйте размещать заказы с высоким приоритетом, продления сроков действия или перевыпуск на этот период проведения технического обслуживания.
  • Учитывайте перерывы в работе, если вы используете API для мгновенного выпуска сертификатов и автоматизированных задач.
  • Подпишитесь на станицу Статус DigiCert для получения обновлений в реальном времени.
  • См. График обслуживания DigiCert на 2021 г. Для ознакомления с датами и временем проведения планового технического обслуживания.

Предоставление услуг будет восстановлено сразу после завершения обслуживания.

Январь 20, 2021

subaccounts order validity Units CertCentral product settings Services API Multi-year plan
new

CertCentral Services API: Новые конечные точки «Подробные данные заказа на единицы» и «Отменить заказ на единицы»

Мы рады сообщить о том, что добавили две новые конечные точки в CertCentral Services API: Подробные данные заказа на единицы и Отменить заказ на единицы.

Эти конечные точки позволяют получать информацию о заказе на единицы и отменять заказ на единицы.

Отмена заказа на единицы:

  • Можно отменить заказ только в течение тридцати дней с момента его размещения.
  • Нельзя отменить заказ на единицы, если с указанной в заказе субучётная запись были потрачены какие-либо единицы.

Если вы управляете субучётная запись, в который используются единицы в качестве метода оплаты, теперь вы можете использовать Services API для выполнения следующих задач:

enhancement

CertCentral Services API: Улучшены конечные точки «Список продуктов», «Ограничения для продуктов» и «Информация о продукте»

Чтобы упростить поиск сроков действия доступных заказов для цифровых сертификатов в вашей учётная запись, мы добавили новые параметры ответа в конечные точки «Список продуктов», «Ограничения для продуктов» и «Информация о продукте».

Эти новые параметры отклика позволяют просматривать заданные по умолчанию и настраиваемые ограничения срока действия заказов для каждого продукта в вашей учётная запись.

Конечная точка списка продуктов

Параметр allowed_order_validity_years отображает список поддерживаемых периодов действия заказов для каждого продукта в вашей учётная запись.

Конечная точка ограничений для продуктов

Параметр allowed_order_lifetimes отображает список настраиваемых ограничений срока действия заказов для пользователей с различными назначениями подразделений и ролей пользователей в вашей учётная запись.

Конечная точка информации о продукте

  • Параметр allowed_order_validity_years отображает список сроков действия заказа, доступных при запросе сертификата.
  • Параметр custom_order_expiration_date_allowed отображает булево значение, описывающее, можно ли задать настраиваемую дату истечения срока действия заказа при размещении запроса на сертификат.
enhancement

CertCentral Services API: Улучшена конечная точка «Информация о заказах субучётная запись»

Чтобы облегчить поиск информации о сроках действия распоряжений по заказам субучётная запись, мы добавили новые параметры ответа в конечную точку Информация о заказах субучётная запись. Эти новые параметры ответа позволяют просмотреть начальную дату заказа, конечную дату заказа, а также определить, подразумевает ли заказ план долгосрочного обслуживания.

  • Параметр is_multi_year_plan отображает "1", если заказ подразумевает план долгосрочного обслуживания.
  • Параметр order_valid_from отображает начальную дату периода действия заказа.
  • Параметр order_valid_till отображает конечную дату периода действия заказа.

Пример ответа с новыми параметрами

Subaccount order updates

Январь 9, 2021

CIS CWS certificate issuance validation certcentral discovery MSSL Direct Cert Portal QuoVadis QV Trust Link ACME SCEP Direct Cert Portal API ACME agent automation Discovery API Services API ACME agent automation API
new

Предстоящее плановое техническое обслуживание

9 января 2021 г. с 22:00 до 24:00 MST (10 января 2021 г. с 05:00 до 07:00 UTC DigiCert будет проводить плановое техническое обслуживание.

Несмотря на то, что мы имеем резерв, позволяющий защитить вашу службу, некоторые сервисы DigiCert могут оказаться недоступными в это время.

Что вы можете сделать?
Планируйте свою деятельность соответствующим образом.

  • Не планируйте заказы с высоким приоритетом, продление срока действия, перевыпуск или дублирование сертификатов на период обслуживания.
  • Для обновления в реальном времени подпишитесь на страницу Статус DigiCert.
  • Информацию о датах и времени проведения планового технического обслуживания см.в разделе График обслуживания DigiCert на 2021 г.

Предоставление услуг будет восстановлено сразу по завершению обслуживания.

Декабрь 22, 2020

renewal CertCentral email settings API Documentation Services API renewal notifications
new

CertCentral Services API: Обновите настройки уведомления о продлении срока действия

Мы добавили новую конечную точку в контракт CertCentral Services API: Обновите настройки уведомления о продлении срока действия. С помощью этой конечной точки можно включить или отключить уведомления о продлении срока действия заказа на сертификат. 

Для ознакомления с более подробной информацией изучите справочную информацию для этой конечной точки в документации Services API:

Декабрь 17, 2020

MyP dcv methods Domains page certcentral product settings customer order lengths public ssl certificates domains.csv report domain expirations enhancement Services API Multi-year plan
enhancement

Настройка срока действия плана долгосрочного обслуживания DigiCert

Мы рады сообщить о том, что теперь вы можете настроить пользовательский срок вашего плана долгосрочного обслуживания (MyP) при размещении запроса на сертификат TLS в CertCentral. В формах запроса на сертификат TLS используйте новый параметр Настраиваемый срок действия заказа для настройки длительности заказа на сертификат TLS.

Примечание: Максимальный срок действия сертификата TLS составляет 397 дней в соответствии с отраслевыми стандартами. См. Завершение срока действия 2-летних открытых сертификатов SSL/TLS.

Настраиваемый срок действия заказа на план долгосрочного обслуживания можно задать в днях или по дате истечения срока действия. Максимальная продолжительность заказа составляет 2190 дней (6 лет). Минимальная продолжительность заказа составляет 7 дней.

Примечание: Срок действия индивидуальных заказов начинается со дня выпуска сертификата по заказу. Стоимость заказа рассчитывается пропорционально выбранному сертификату и настраиваемому сроку действия заказа.

Чтобы настроить продолжительность обслуживания MyP

  1. На форме запроса на сертификата нажмите Выбрать продолжительность обслуживания.
  2. В диалоговом окне «На какое время вам необходима защита вашего сайта?» выберите Настраиваемый срок действия заказа.
  3. В разделе «Выберите настраиваемую продолжительность действия заказа» настройте срок действия для своего плана долгосрочного обслуживания:
    1. Настраиваемая продолжительность действия заказа
      Укажите продолжительность вашего плана в днях.
    2. Настраиваемая дата окончания срока действия заказа
      Назначьте день истечения срока действия вашего плана.
  4. Нажмите Сохранить.
enhancement

Обновлены настройки продукта для открытых сертификатов TLS

В целях обеспечения большего контроля над процессом оформления заказов на сертификаты мы обновили параметры настройки продуктов для открытых сертификатов TLS: Теперь вы можете определить допустимую продолжительность заказа на план долгосрочного обслуживания, которую пользователи могут выбрать при размещении заказа на открытый сертификат TLS.

На странице настроек сертификата TLS используйте параметр Допустимые периоды действия, чтобы определить, какие сроки заказов MyP будут отображаются в форме запроса на сертификат TLS: 1 год, 2 года, 3 года, 4 года, 5 лет и 6 лет. Обратите внимание на то, что изменения, внесенные в настройки продукта, применяются к запросам, размещаемым посредством CertCentral и Services API.

Примечание: Ранее параметр Допустимые периоды действия использовался для определения максимального срока действия сертификата, который пользователь мог выбрать при заказе открытого TLS-сертификата. Тем не менее, с переходом отрасли на 1-годичные сертификаты этот параметр больше не требуется для определения срока сертификата. См. Завершение срока действия 2-летних открытых сертификатов SSL/TLS.

Порядок настройки допустимых сроков действия заказов MyP на сертификат TLS

  1. В левой части главного меню перейдите в раздел Настройки > Настройки продукта.
  2. На странице «Настройки продукта» выберите открытый сертификат TLS. Например, выберите Secure Site OV.
  3. В разделе Secure Site OV в раскрывающемся списке Допустимые периоды действия выберите периоды действия.
  4. Нажмите Сохранить настройки.

В следующий раз, когда пользователь будет заказывать сертификат Secure Site OV, он увидит только тот период действия, который вы выбрали в форме запроса.

Примечание: Установка ограничений на продолжительность заказа на план долгосрочного обслуживания исключает параметр настраиваемого срока действия из ваших форм запроса на сертификат TLS.

enhancement

Страница домена CertCentral: Улучшенный отчет domains.csv

На странице доменов мы улучшили отчет CSV, чтобы было легче отслеживать даты истечения срока действия валидации доменов OV и EV и просматривать ранее использовавшийся метод подтверждения полномочия управления доменом (DCV).

При следующем скачивании файла CSV, вы увидите три новых столбца в отчете:

  • Истечение срока действия OV
  • Истечение срока действия EV
  • Метод DCV

Чтобы скачать отчет domains.csv

  1. В левой части главного меню перейдите в раздел Сертификаты > Домены.
  2. На странице «Домены» в раскрывающемся списке Download CSV выберите Скачать все записи.

Когда вы откроете файл domains.csv, вы увидете новые столбцы и информацию в отчете.

Декабрь 3, 2020

orders page Units certcentral New enhancement Services API API documentation
enhancement

Страница заказов CertCentral: Улучшенное время загрузки

В CertCentral мы обновили страницу «Заказы» с целью сокращения времени загрузки для тех, кто управляет большим количеством заказов на сертификаты. При следующем посещении страницы «Заказы» она откроется гораздо быстрее (в левой части главного меню перейдите к пункту Сертификаты > Заказы).

С целью сокращения времени загрузки мы изменили способ фильтрации заказов на сертификаты при первом просмотре страницы. Ранее мы фильтровали страницу для отображения только активных заказов на сертификаты. Тем не менее, это приводило к определенным проблемам для тех, кто обрабатывал большие объемы заказов на сертификаты. Чем больше заказов было в учётная запись, тем дольше открывалась страница «Заказы».

Теперь, когда вы заходите на страницу, мы отображаем все ваши сертификаты без фильтрации в порядке убывания, при это самые последние оформленные заказы на сертификаты отображаются первыми в списке. Для просмотра только активных сертификатов в раскрывающемся списке Статус выберите Активные и щелкните по Перейти.

new

CertCentral Services API: Приобретение единиц для субучётная запись и просмотр заказов на единицы

В API CertCentral Services мы добавили новые конечные точки для приобретения единиц и просмотра заказов на единицы. Теперь, если вы управляете субучетными записями, в которых используются единицы в качестве способа оплаты запросов на сертификаты, вы можете использовать Services API для приобретения большего количества единиц для субучётная запись и получения информации об истории заказов на единицы.

Более подробную информацию см. в справочной документации для новых конечных точек:

Декабрь 2, 2020

Product info Vouchers emergency contacts ICA selection Services API API documentation organization validation
enhancement

CertCentral Services API: Обновления документации

Мы рады сообщить о следующих обновлениях документации по CertCentral Services API:

  • Новый API предварительного расчета цены ваучера
    Мы опубликовали новую справочную тему для конечной точки Предварительный расчет цены. Клиенты, использующие ваучеры, могут использовать эту конечную точку для предварительного расчета стоимости заказа (включая налог) для определенных конфигураций ваучеров.
  • Обновленный API словаря
    Мы обновили словарь, добавив новую таблицу для определения различных значений статуса валидации организации. См. Словарь – Статусы проверки достоверности организации.
  • Добавлен параметр запроса в документацию по обновлению адресов электронной почты учётная запись
    Мы добавили параметр запроса emergency_emails в документацию для конечной точки Обновить адреса электронной почты учётная запись. Используйте данный параметр для обновления адресов электронной почты, на которые поступают экстренные оповещения от DigiCert.

Пример Обновить адреса электронной почты учётная запись в теле запроса:

emergency_emails.png
  • Добавлены параметры ответа в документацию с информацией о продукте
    Мы добавили параметры ответа validation_type, allowed_ca_certs, и default_intermediate в документацию для конечной точки Информация о продукте.
    • Используйте параметр validation_type для получения сведений о типе подтверждения достоверности для данного продукта.
    • Используйте параметр allowed_ca_certs для получения информации о сертификатах ICA, которые можно выбрать при заказе данного продукта. *
    • Используйте параметр default_intermediate для получения идентификатора ICA по умолчанию для данного продукта. *

Пример Информация о продукте в ответных данных:

Product info response.png

* Примечание: Конечная точка Информация о продукте включает в ответ параметр allowed_ca_certs и default_intermediates только для продуктов, поддерживающих выбор ICA. Для открытых SSL-сертификатов, поддерживающих выбор ICA (гибкие сертификаты OV и EV), эти параметры указываются в ответе, только в том случае, если для учётная запись включен выбор ICA. Кроме того, параметр default_intermediates включается в ответ только в том случае, если администратор настроил параметр продукта для подразделения или роли пользователя в учётная запись. Более подробную информацию см. в разделе Параметр цепочки сертификатов ICA для открытых гибких сертификатов OV и EV.

Ноябрь 3, 2020

CertCentral API DCV tokens OV SSL certificates domain validation EV SSL certificates Services API
enhancement

CertCentral Services API: Добавлены токены DCV для новых доменов в ответные данные для заказов на сертификаты OV и EV

Мы обновили конечные точки для заказа открытых сертификатов OV и EV SSL для включения в ответ токенов запроса на подтверждение полномочия управления доменом (DCV) для новых доменов в заказе.

Теперь, когда вы запрашиваете сертификат OV или EV, вам больше не придется отправлять отдельные запросы для получения токенов запроса DCV для новых доменов в заказе. Вместо этого вы можете получить токены непосредственно в данных ответа на запрос заказа.

Пример данных ответа:

Example response for an OV order with a new domain

Примечание: Объект dcv_token не включается в ответ для доменов, достоверность которых будет проверяться в рамках проверки другого указанного в заказе домена — для доменов, которые уже существуют в вашей учётная запись, или для субдоменов существующих доменов.

Это обновление предназначено для следующих конечных точек:

Октябрь 13, 2020

OV/EV order forms product settings public ssl certificates ICAs EV SSL certificates OV SSL certificaates New intermediate CA certificates new endpoint updated endpoints ICA selection api Services API flexible certificates
new

Выбор цепочки сертификатов ICA для открытых гибких сертификатов OV и EV

Мы рады сообщить о том, что открытые сертификаты OV и EV с гибкими возможностями теперь поддерживают выбор цепочки сертификатов промежуточных ЦС.

Вы можете добавить в свою yчётная запись CertCentral параметр, позволяющий контролировать, какая цепочка сертификатов центра сертификации DigiCert ICA выдает "гибкие" открытые сертификаты OV и EV.

Этот параметр позволяет:

  • Задавать цепочки сертификатов ICA по умолчанию для каждого открытого гибкого сертификата OV и EV.
  • Контролировать, какие цепочки сертификатов ICA могут использовать запрашивающие сертификаты лица для выпуска гибкого сертификата.

Настройка выбора цепочки сертификатов ICA

Для включения функции выбора ICA для вашей учётная запись обратитесь к менеджеру вашей учётная запись или к специалистам нашей группы поддержки. Затем в своей учётная запись CertCentral на странице «Настройки продукта» (в левой части главного меню перейдите в Настройки > Настройки продукта) настройте промежуточные элементы по умолчанию и разрешенные промежуточные элементы для каждого типа гибкого сертификата OV и EV.

Более подробную информацию и пошаговые инструкции см. в разделе Параметр цепочки сертификатов ICA для открытых гибких сертификатов OV и EV.

new

Поддержка DigiCert Services API для выбора цепочки сертификатов ICA

В DigiCert Services API мы внесли следующие обновления для поддержки выбора ICA в ваших интеграциях API:

  • Конечная точка Созданный новый продукт Ограничения для продуктов
    Используйте эту конечную точку для ознакомления с информацией об ограничения и параметрах настройки для продуктов, разрешенных для каждого подразделения в вашей учётная запись. Включает значения ID для заданных по умолчанию и разрешенных цепочек сертификатов ICA для каждого продукта.
  • Добавлена поддержка выбора ICA в запросах заказов на открытые гибкие сертификаты TLS OV и EV
    После завершения настройки разрешенных промежуточных элементов для продукта можно выбрать цепочку сертификатов ICA, которая должна выпустить ваш сертификат, когда вы используете API для отправки запроса на заказ.
    Укажите ID выпускающего сертификат ICA в качестве значения для параметра ca_cert_id в теле своего запроса на заказ

Пример запроса на гибкий сертификат:

Example flex certificate request

Для ознакомления с дополнительной информацией об использовании функции выбора ICA в своих интеграциях API см. раздел Жизненный цикл сертификата OV/EV — (Необязательный) Выбор ICA.

Август 26, 2020

certcentral public ssl certificates Services API Multi-year plan MyP
enhancement

Планы долгосрочного обслуживания DigiCert®, доступные для всех открытых сертификатов DigiCert SSL/TLS

Мы рады сообщить, что теперь для всех открытых сертификатов SSL/TLS в CertCentral теперь доступны планы долгосрочного обслуживания. Эти планы позволяют оплачивать сертификаты SSL/TLS по цене со скидкой на срок до шести лет.

Примечание: Корпоративные лицензионные соглашения (ELA) поддерживают только планы долгосрочного обслуживания сроком на 1 и 2 года. Контракты с заранее установленной ценой не поддерживают Планы долгосрочного обслуживания. Если у вас есть контракт с заранее установленной ценой, обратитесь к администратору своей учётная запись для нахождения решения, подходящего для вашего контракта.

В рамках Планов долгосрочного обслуживания вы выбираете сертификат SSL/TLS, требуемую продолжительность покрытия (до шести лет) и срок действия сертификата. До истечения срока действия Плана вы перевыпускаете свой сертификат без оплаты каждый раз при окончании срока его действия. Подробные сведения см. в разделе Планы долгосрочного обслуживания.

enhancement

Изменения DigiCert Services API в поддержку планов долгосрочного обслуживания

В нашем Services API мы обновили конечные точки открытых сертификатов SSL/TLS для поддержки оформления заказа на сертификат с планом долгосрочного обслуживания.

В каждую конечную точку для оформления заказа на открытый сертификат SSL/TLS мы добавили новые необязательные* параметры запроса. Кроме того, мы обновили эти конечные точки таким образом, что срок действия вашего заказа больше не должен совпадать со сроком действия вашего сертификата.

  • Новый необязательный cert_validity параметр
    Используйте этот параметр для определения срока действия первого сертификата, выпущенного по заказу. Если вы не укажите параметр cert_validity в своем запросе, срок действия вашего сертификата по умолчанию будет равен максимальному допустимому сроку действия в соответствии с требованиями DigiCert и отраслевых стандартов или сроку действия заказа, в зависимости от того, какой срок истекает раньше.
  • Новый необязательный order_validity параметр*
    Используйте этот параметр для определения срока действия заказа. Срок действия заказа определяет продолжительность плана долгосрочного обслуживания.
  • Обновленные validity_years, validity_days, custom_expiration_date параметры верхнего уровня*
    Для существующих интеграций API по-прежнему можно использовать эти существующие параметры для определения срока действия заказа. Тем не менее, мы рекомендуем вам обновить свои интеграции с целью применения новых параметров. Помните, что при использовании планов долгосрочного обслуживания срок действия вашего заказа может отличаться от срока действия вашего сертификата.

*Примечание: Запросы должны содержать значение либо для объекта order_validity, либо для одного из высокоуровневых параметров срока действия заказа: validity_years, validity_days, или custom_expiration_date. Значения, указанные в объекте order_validity, переопределяют высокоуровневые параметры срока действия.

Эти изменения не должны повлиять на ваши текущие интеграции. Тем не менее, в целях максимального увеличения покрытия SSL/TLS можно начать приобретать открытые сертификаты SSL/TLS с планом долгосрочного обслуживания. Информацию об интеграции API см. в разделе План долгосрочного обслуживания.

Пример запроса на сертификат с новыми параметрами

Example SSL certificate request with new certificate and order valdity parameters

Июль 22, 2020

documentation api TLS 1.0 TLS 1.1 browsers DCV certcentral compliance Services API DV certificate issuance error messages CertCentral Partners Multi-year plan MyP
new

Теперь доступен план долгосрочного обслуживания

Мы рады сообщить, что теперь в CertCentral и CertCentral Partners доступны планы долгосрочного обслуживания.

Планы долгосрочного обслуживания DigiCert® позволяют оплачивать сертификаты SSL/TLS по цене со скидкой на срок до шести лет. В рамках Планов долгосрочного обслуживания вы выбираете сертификат SSL/TLS, требуемую продолжительность покрытия (до шести лет) и срок действия сертификата. До истечения срока действия Плана вы перевыпускаете свой сертификат без оплаты каждый раз при окончании срока его действия.

1 сентября 2020 года максимальный срок действия сертификата SSL/TLS сократится с 825 дней до 397 дней. При приближении окончания срока действия активного сертификата в рамках плана долгосрочного обслуживания вы перевыпускаете его для поддержания покрытия SSL/TLS.

compliance

Прекращена браузерная поддержка TLS 1.0 и 1.1

Четыре основных браузера больше не поддерживают безопасность транспортного уровня (TLS) версий 1.0 и 1.1.

Что вы должны знать

Данное изменение не влияет на ваши сертификаты DigiCert. Ваши сертификаты продолжат работать в обычном режиме.

Это изменение влияет на сервисы и приложения, работа которых зависит от браузера, и которые используют протокол TLS 1.0 или 1.1. После прекращения браузерной поддержки TLS 1.0 и 1.1 все устаревшие системы не смогут устанавливать HTTPS-соединения.

Что нужно сделать

Если вас коснулось это изменение и ваша система поддерживает более современные версии протокола TLS, обновите конфигурацию сервера в кратчайший срок до TLS 1.2 или TLS 1.3.

Если вы не перейдете на TLS 1.2 или 1.3, ваш веб-сервер, система или агент не смогут использовать HTTPS для безопасного взаимодействия с сертификатом.

Информация об устаревании TLS 1.0/1.1 в браузерах

Firefox 78, дата выпуска: 30 июня 2020 г.

Safari 13.1, дата выпуска: 24 марта 2020 г.

Chrome 84, дата выпуска: 21 июля 2020 г.

Edge v84, дата выпуска: 16.07.2020

Полезные ресурсы

При наличии такого большого количества уникальных систем, работающих с TLS, мы не может описать все возможные пути обновления, но все-таки приведем ниже несколько ссылок, которые могут оказаться полезными:

enhancement

CertCentral Services API: Обновленная документация для сообщений об ошибках

В документации Services API мы обновили страницу Jib,rb , в частности, мы включили описания сообщений об ошибках, связанных со следующими действиями:

  • Немедленный выпуск DV-сертификата
  • Подтверждение управления доменом (DCV)
  • Проверка записей в ресурсе авторизации центром сертификации (CAA)

Ранее в этом году мы улучшили API для заказов на сертификаты DV и запросов DCV в целях предоставления более подробных сообщений об ошибках в случае сбоя проверок записей ресурсов DCV, авторизации файлов, поиска DNS или CAA. Теперь при получении одного из этих сообщений об ошибке проверьте страницу «Ошибки» для ознакомления с дополнительной информацией об устранении неполадок.

Для получения более подробной информации:

О проекте

DigiCert is the world's leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the 100 top global banks, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management solution, CertCentral®. The company is recognized for its enterprise-grade certificate management platform, fast and knowledgeable customer support, and market-leading security solutions. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.

©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.